Eurofins Scientific Update on the cyber-attack announced on June 3, 2019
As communicated in an ad hoc press release on Monday June 3rd, during the weekend of 1st/2nd June, Eurofins Scientific (EUFI.PA) was affected by a ransomware attack which caused disruption to many of its IT systems in several countries. Eurofins IT staff and their internal and external IT security teams and experts took prompt actions to contain the incident, mitigate its impact and have been working nonstop to return the IT operations to normal in the companies of the Group that have been affected. As Eurofins IT teams reacted promptly many of the Group’s companies were able to continue operating without impacting customers. Moreover, from Tuesday, 4th June we were able to resume full or partial operations for a number of impacted companies and continue to do so every day.
Eurofins companies have alerted and are cooperating with law enforcement agencies and renowned IT forensics and security companies in the investigation of this matter. The ransomware involved appears to have been a new malware variant which was initially non-detectable by the anti-malware screen of our leading global IT security services provider at the time of the attack and required an updated version made available only hours into the attack. The facts pattern of this attack as well as information from law enforcement and independent cybersecurity experts lead us to believe that this attack has been carried out by highly sophisticated well-resourced perpetrators. Forensics investigations are ongoing but we have identified the variant of the malware used and it is now being recognised and when detected neutralized by our IT security solutions as updated with the versions released on Sunday June 2nd.
Additional security tools we are deploying since then as well as the world class cyber security experts who are supporting us are and will be providing additional protection and monitoring. We are continuing to work intensively with leading cybersecurity experts to further secure our current systems and infrastructure and to add enhanced security features and measures to protect our systems and data.
The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data. The security of our client data and of all our IT systems is of the utmost importance to Eurofins. Eurofins companies remain committed to making significant investments in the continuous improvement of the security of their IT systems.